New rootkit version

Discussion in 'malware problems & news' started by Vercingetorix, Oct 19, 2009.

Thread Status:
Not open for further replies.
  1. Vercingetorix

    Vercingetorix Registered Member

    Joined:
    Dec 7, 2005
    Posts:
    1
    I work in a school district, and we have a rootkit running through our domain. It is a new variant of Qakbot; it makes a folder in c:\doc~\All Users\_qbothome. It gathers all information stored in autocomplete for the computer and web browsers, and it has a keylogger for https sites. It stores this information in a txt file and uploads it to servers, for identity theft. It is phoning home to domains in China for updates on a regular basis. We have had the rootkit since some time in August, and all of this time it has been undetected by Trend Micro. I suggest blocking up002.cn and nt2002.cn to protect yourselves (if you do not already block all of cn).
     
    Last edited: Oct 19, 2009
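
A log check a defender could build from the indicators in the post above, as an added example that is not part of the thread: it scans DNS query log lines for the two domains the poster names, including their subdomains, and lists which clients looked them up. The log layout, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Domains named in the post above.
BLOCKED_DOMAINS = ("up002.cn", "nt2002.cn")

# Constructed sample lines in a simplified, assumed layout:
# "<date> <time> client <ip> query: <name> <class> <type>"
SAMPLE_LOG = """\
2009-10-19 08:14:02 client 10.1.4.23 query: www.example.org IN A
2009-10-19 08:14:05 client 10.1.4.23 query: UP002.CN. IN A
2009-10-19 08:15:41 client 10.1.7.80 query: a.nt2002.cn IN A
2009-10-19 08:16:10 client 10.1.9.12 query: notup002.cn IN A
2009-10-19 08:17:33 client 10.1.7.80 query: up002.cn.example.org IN A
2009-10-19 08:18:00 malformed line without a query
"""

LINE_RE = re.compile(r"^(\S+ \S+) client (\S+) query: (\S+) ")


def matches_blocked(name, blocked=BLOCKED_DOMAINS):
    """True if name is a blocked domain or a subdomain of one."""
    # Normalise case and the trailing root dot before comparing.
    name = name.rstrip(".").lower()
    # Compare on a label boundary so "notup002.cn" does not match "up002.cn".
    return any(name == d or name.endswith("." + d) for d in blocked)


def flag_clients(log_text):
    """Return {client_ip: [(timestamp, queried_name), ...]} for blocked lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        timestamp, client, name = m.groups()
        if matches_blocked(name):
            hits[client].append((timestamp, name))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(flag_clients(SAMPLE_LOG).items()):
        print(client, events)
```

A client that shows up here has only been seen resolving one of the domains; it still needs to be checked on the host itself, for example for the _qbothome folder the post describes.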
  2. Melannk24

    Melannk24 Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    1
    What school district are you located in? I've heard of other infections....

    What are the names of the processes? qbotinj.exe? qbotnti.exe?

    Thanks.
     
  3. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,073